Thanks for the reply, Mike. I found the issue: pkgadd is modifying the permissions. My colleague nailed it today. Whenever we install Legato modules which use pkgmap, it modifies the permissions on /var/tmp. I found the following link. I'm using Solaris 10 U7, which has a higher version of the patch mentioned. It still has the problem. I'm going to follow up with Sun.

http://sunsolve.sun.com/search/document.do?assetkey=1-26-102513-1

Thanks for your dtrace script. With a little modification it's really helpful. I also found the following link on BigAdmin:

http://www.sun.com/bigadmin/jsp/descFile.jsp?url=descAll/tracing_the_chmod_c

#!/usr/sbin/dtrace -s

#pragma D option quiet
/* stop() and system() are destructive actions, so this option is required */
#pragma D option destructive

/* Fire only when chmod(2) is called on /var/tmp */
syscall::chmod:entry
/ copyinstr(arg0) == "/var/tmp" /
{
        /* Freeze the caller so ptree can still see it */
        stop();
        self->start = pid;
        system("/usr/bin/ptree %d", self->start);
        printf("The chmod command was: %d %s\n", self->start, curpsinfo->pr_psargs);
        printf("Executed by the userID: %d \n", uid);
        /* Resume the stopped process */
        system("/usr/bin/prun %d", self->start);
}

/* Clear the thread-local marker once the call returns */
syscall::chmod:return
/self->start/
{
        self->start = 0;
}

Gives output like below.

# ./check_tmp.d
1638 /usr/lib/ssh/sshd
6790 /usr/lib/ssh/sshd
6791 /usr/lib/ssh/sshd
6810 -bash
11429 chmod 1777 /var/tmp
The chmod command was: 11429 chmod 1777 /var/tmp
Executed by the userID: 0

Thanks for all the replies, guys.
--
This message posted from opensolaris.org
_______________________________________________
sysadmin-discuss mailing list
[email protected]
http://mail.opensolaris.org/mailman/listinfo/sysadmin-discuss
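
Added example (not part of the original post, and not Sun's or Legato's code): a pre-install check that reads a package's pkgmap and reports any directory entry for /var/tmp whose mode is not 1777, which is the kind of entry that lets pkgadd reset the permissions. The function names and the sample pkgmap lines are constructed for illustration; the field layout (part, ftype, class, pathname, mode, owner, group) follows pkgmap(4), and relocatable paths are assumed to install under /.

```shell
#!/bin/sh
# Added example: audit a pkgmap for entries that would change /var/tmp.
# On Solaris 10 use nawk or /usr/xpg4/bin/awk (old /usr/bin/awk lacks -v).

# audit_pkgmap FILE [DIR]
# FILE may be "-" for stdin. Prints "path mode owner group" per risky entry.
audit_pkgmap() {
    awk -v target="${2:-/var/tmp}" '
        /^[:#]/ { next }                        # header line and comments
        {
            # The leading part number is optional, so locate ftype first.
            i = ($1 ~ /^[0-9]+$/) ? 2 : 1
            ftype = $i; path = $(i + 2); mode = $(i + 3)
            if (ftype != "d" && ftype != "x") next   # directories only
            if (path !~ /^\//) path = "/" path       # assumption: basedir is /
            if (path != target) next
            if (mode == "?") next               # "?" keeps the existing mode
            if (mode !~ /^0?1777$/) print path, mode, $(i + 4), $(i + 5)
        }' "$1"
}

# Constructed sample pkgmap (hypothetical package, not a real Legato pkgmap).
make_sample() {
    cat <<'EOF'
: 1 120
1 d none /var/tmp 0755 root sys
1 d none /opt/demo 0755 root bin
1 f none /opt/demo/bin/tool 0555 root bin 1024 4242 1240000000
EOF
}

# Demo run: reports the /var/tmp entry that drops the sticky bit.
make_sample | audit_pkgmap -
```

Run it against the pkgmap at the top of an unpacked package directory before calling pkgadd; an empty result means no entry touches the mode of /var/tmp.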
